Enterprise Linux Server Tus@7.7 Security Vulnerabilities and Issues — Enterprise Linux Server Tus@7.7 CVE List

Lucene search

RedhatEnterprise Linux Server Tus7.7

17 matches found

CVE•added 2020/02/07 3:15 p.m.•457 views

CVE-2019-15605

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

9.8CVSS9.5AI score0.32252EPSS

CVE•added 2020/01/13 6:15 a.m.•366 views

CVE-2020-6851

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

7.5CVSS7.9AI score0.0122EPSS

CVE•added 2020/01/15 5:15 p.m.•315 views

CVE-2020-2654

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Succ...

4.3CVSS4.5AI score0.00188EPSS

CVE•added 2020/01/15 5:15 p.m.•300 views

CVE-2020-2583

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3CVSS4.3AI score0.00325EPSS

CVE•added 2020/01/15 5:15 p.m.•296 views

CVE-2020-2604

8.1CVSS7.7AI score0.0215EPSS

CVE•added 2020/01/15 5:15 p.m.•293 views

CVE-2020-2659

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...

4.3CVSS4.3AI score0.00197EPSS

CVE•added 2020/01/31 11:15 p.m.•289 views

CVE-2014-8141

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

7.8CVSS8.2AI score0.09912EPSS

CVE•added 2020/01/31 10:15 p.m.•278 views

CVE-2014-8139

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

7.8CVSS8.3AI score0.09912EPSS

CVE•added 2020/01/31 10:15 p.m.•277 views

CVE-2014-8140

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

7.8CVSS8.2AI score0.09912EPSS

CVE•added 2020/01/15 5:15 p.m.•263 views

CVE-2020-2601

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerb...

6.8CVSS6.7AI score0.00656EPSS

CVE•added 2020/01/15 5:15 p.m.•259 views

CVE-2020-2593

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mu...

5.8CVSS4.9AI score0.00451EPSS

CVE•added 2020/01/08 10:15 p.m.•230 views

CVE-2019-17017

Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox

8.8CVSS8.2AI score0.01684EPSS

CVE•added 2020/01/08 10:15 p.m.•218 views

CVE-2019-17016

When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox

6.1CVSS6.8AI score0.02173EPSS

CVE•added 2020/01/08 10:15 p.m.•213 views

CVE-2019-17022

When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer does not escape characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the...

6.1CVSS6.8AI score0.02922EPSS

CVE•added 2020/01/08 10:15 p.m.•213 views

CVE-2019-17024

Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 a...

8.8CVSS9.2AI score0.02105EPSS

CVE•added 2020/01/14 5:15 p.m.•98 views

CVE-2014-7844

BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.

7.8CVSS7.9AI score0.0091EPSS

CVE•added 2020/01/14 6:15 p.m.•68 views

CVE-2015-3147

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.

6.5CVSS6AI score0.00535EPSS